Another example for why there should be an API for serving AdSense server-side rather than via javascript.

Exploiting the hosts file to swap out ads seems to be growing in popularity. A few weeks ago there was a thread about some website instructing visitors to repoint the adsense server to their own server in the hosts file.

Thanks for posting this! I would expect to get emails from concerned visitors to my site(s) if inappropriate advertising appeared. Then I'd hopefully be able to instruct them on removal of the Trojan from their computer. Fortunately, my content is all very family-friendly and my users would be quick to alert me if something was funny to them. If I hadn't read this post, I wouldn't know it was a visiting computer's issue and not something going wacky with my ads!

YM

Interesting article, though not enough details. I would think G could foil it simply by, say, having publishers change the name or format of the javascript included on the publisher page. Thus perhaps the reason for the new ads managing option? It might allow them to change it so quickly and often the trojan can't keep up.

who has the virus?
the advertiser, the publisher or the user visiting the website?

The visiting user.